A dive into the world of MS-DOS viruses

Ah yes, I have fond memories of writing TSR pranks that hooked common DOS interrupts (not technically viruses since they didn&#x27;t infect&#x2F;replicate) that did things like:<p>1) buffer 1 keystroke in memory (so typing diw&lt;backspace&gt;r would leave &quot;di&quot; on screen - then they&#x27;d type &quot;r&quot; and get an &quot;r&quot; and then hit enter and get another &quot;r&quot;, then they&#x27;d hit backspace to correct the &quot;dirr&quot; and the command would execute, etc)<p>2) hooked the printer interrupt to introduce typos in printouts<p>3) randomly swap letters on the screen periodically<p>Fun times. It&#x27;s probably for the best that I grew up in the era that I did since pulling pranks like these has a high risk of getting slapped with felony charges in this day and age.

Guilty. In 1988 or so I made a virus that attached to .com files, which would spread it to others when executed. It was never released into the open. On each infection, it incremented a generation counter. Upon reaching a certain value, the payload would trigger, causing a message to be printed.<p>What the heck was I using? MASM? TASM? I cannot remember.<p>IIRC, looking for other .com files was just using DOS&#x27;s FindFirst and FindNext functions at int 21h. (I&#x27;m now naming them in terms of their Win32 counterparts.)<p>I think I didn&#x27;t have a sanity check against duplicate infection in the early versions and added that during testing. 17 year old&#x27;s programmer&#x27;s &quot;doh&quot; moment.<p>I remember that I ran the experiments in a subdirectory called &quot;petridir&quot;. :)

I always thought the Casino DOS virus was pretty inventive. If an infected file is run on the payload date, it moves the FAT to RAM and warns the user not to shut down their computer. The user plays a game with IIRC a 1&#x2F;17 chance of winning. If they win, the FAT is restored, else it&#x27;s gone.<p>I think it&#x27;s an interesting way of holding the PC hostage.<p>A video of the virus in action: <a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=wdZJHvBRRqg" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=wdZJHvBRRqg</a>, that channel has loads of videos documenting DOS&#x2F;Win9X viruses. Some are very creative.

Any chance someone could upload the VX Heavens dataset of viruses to the Internet Archive?<p><a href="https:&#x2F;&#x2F;archive.org&#x2F;details&#x2F;malwaremuseum" rel="nofollow">https:&#x2F;&#x2F;archive.org&#x2F;details&#x2F;malwaremuseum</a>

Discussion about the 35C3 talk from a few days ago: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=18790889" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=18790889</a>

From the perspective of the user, MS-DOS was a lousy OS. However, as a tinkerer, it was super fun. To this day, my best programming memories are about using Turbo Assembler and the information from Interrup.lst to do weird things with the graphics card&#x27;s text mode (unusual resolutions, borders, 18 bit color palettes, smooth scrolling...).<p>EDIT: typo.

Wondering whats the latest activation date found in entire archive. He mentioned he sampled all dates up to 2005.

Some WERE malicious. Such as the virus &quot;FORM&quot;, which corrupted the partition somehow.